packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-5371

Browse Source
This commit is contained in:
wk333 2023-10-07 14:52:45 +08:00
parent 6f3894badd
commit 48ab59482a
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
CVE-2023-5371.patch Normal file
View File

@ -0,0 +1,48 @@
From 1921740b0bf561941e0906884757831bde989add Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Wed, 6 Sep 2023 06:13:23 -0400
Subject: [PATCH] RTPS: Check for signed overflow
Origin: https://gitlab.com/wireshark/wireshark/-/commit/1921740b0bf561941e0906884757831bde989add
The offset is a signed integer, and we use negative offsets
to mean "offset counting from the end of the tvb." That means
that we can still have an excessive loop without unsigned overflow
or running off the end of the tvb, if the result of adding a large
unsigned integer to the offset results in a small negative number.
Just check if the result of the addition makes the offset move
backwards.
Fix #19322
(backported from commit 0de07f8fe4f8e06da9084485e64a24c8f85a20f4)
---
epan/dissectors/packet-rtps.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
index 82ac8f9436b..c152d50dfc6 100644
--- a/epan/dissectors/packet-rtps.c
+++ b/epan/dissectors/packet-rtps.c
@@ -2474,13 +2474,14 @@ static const fragment_items rtps_frag_items = {
"RTPS fragments"
};
-static guint32 check_offset_addition(guint32 offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
+static gint check_offset_addition(gint offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
{
- if (offset > G_MAXUINT32 - value) {
+ gint new_offset = offset + (gint)value;
+ if (new_offset < offset) {
proto_tree_add_expert_format(tree, pinfo, &ei_rtps_value_too_large, tvb, 0, 0, "Offset value too large: %u", value);
THROW(ReportedBoundsError);
}
- return offset + value;
+ return new_offset;
}
static void rtps_util_dissect_parameter_header(tvbuff_t * tvb, gint * offset,
--
GitLab

6
wireshark.spec
View File

@ -5,7 +5,7 @@
Summary: Network traffic analyzer Summary: Network traffic analyzer
Name: wireshark Name: wireshark
Version: 3.6.14 Version: 3.6.14
Release: 3 Release: 4
Epoch: 1 Epoch: 1
License: GPL+ License: GPL+
Url: http://www.wireshark.org/ Url: http://www.wireshark.org/
@ -27,6 +27,7 @@ Patch10: CVE-2023-2906.patch
Patch11: CVE-2023-4513-1.patch Patch11: CVE-2023-4513-1.patch
Patch12: CVE-2023-4513-2.patch Patch12: CVE-2023-4513-2.patch
Patch13: CVE-2023-4511.patch Patch13: CVE-2023-4511.patch
Patch14: CVE-2023-5371.patch
Requires: xdg-utils Requires: xdg-utils
Requires: hicolor-icon-theme Requires: hicolor-icon-theme
@ -201,6 +202,9 @@ exit 0
%{_mandir}/man?/* %{_mandir}/man?/*
%changelog %changelog
* Sat Oct 07 2023 wangkai <13474090681@163.com> - 1:3.6.14-4
- Fix CVE-2023-5371
* Wed Sep 06 2023 wangkai <13474090681@163.com> - 1:3.6.14-3 * Wed Sep 06 2023 wangkai <13474090681@163.com> - 1:3.6.14-3
- Fix CVE-2023-3649,CVE-2023-2906,CVE-2023-4511,CVE-2023-4513 - Fix CVE-2023-3649,CVE-2023-2906,CVE-2023-4511,CVE-2023-4513